Introduction
We recognise our responsibility to treat your personal information with care and to comply with all relevant legislation, in particular the Data Protection Act 2018 and the EU General Data Protection Regulation (GDPR) which we refer to as the “legislation” in this document. This notice covers our requirement to provide you with information on how and why we use your personal data and of your rights under the legislation.
Data Controller
We have provided you with a quotation and/or administer your insurance policy and are classed as the “data controller” which means we process your data. Our contact details are shown at the foot of this notice. Your data may be passed to other parties, including Insurers, for the purposes of arranging your insurance. These parties could also be data controllers and, where necessary, will issue their own Data Protection Privacy Notices.
Personal Information
Some of the personal information we ask you to provide may be sensitive (special category) as defined in the legislation, for example. you may have to give us information about your medical history. Whilst you are not obliged to do this, it is difficult for us to obtain accurate quotes and do business with you. Under the legislation, we are authorised to collect such information for specified “insurance purposes” without your specific consent, but it will only be used for the purposes set out above. By giving us information about another person, you confirm that they have given you permission to provide it to us and that we may use their personal data in the same way as your own as set out in this notice.
We will use personal information about you mainly to:
- Provide you with a quotation from Insurers;
- Arrange and administer your policy if you buy one through us;
- Inform you about our products and services;
- perform statistical and analytical research
Legal Basis for processing your Personal Information
We are required to have a lawful basis (as defined in the legislation) in order to process your personal data. When we are providing quotations; arranging and administering insurance policies this is necessary for the performance of an insurance contract. We will only market to you with information, products, and or services where we have the legitimate interests of the company or explicit consent from you. We are legally obliged to notify you with any changes in our services. We may use your data for statistical analysis where we have legitimate interests in refining and enhancing the products and pricing which we offer. We process your data to meet legal and regulatory obligations.
Disclosure of your Personal Information
As a vital part of providing you with the services described above we may need to disclose your personal data to other third parties. These include: Insurers, Insurance Industry databases, Government databases, Regulatory authorities and the Police/other law enforcement bodies and this will be to assist with fraud prevention and detection, or to exercise or defend its legal rights or where required by law.
Your Rights
Under the legislation you have the following rights in relation to our processing of your personal data:-
- The right to be informed about how we use your personal data (This Privacy Notice);
- The right to see a copy of the personal information we hold about you. (In most cases this will be free of charge);
- The right to have personal information rectified if inaccurate or incomplete;
- The right of erasure of your personal information where there is no compelling reason for its continued processing;
- The right to restrict processing in certain circumstances, e.g. if its accuracy is being contested;
- The right to data portability which, subject to certain conditions, allows you to obtain and reuse your personal data across different services;
- The right to object to certain processing including for the purposes of direct marketing;
- Rights to information in relation to automated decision making and profiling.
International transfers of data
We may transfer your personal data to destinations outside the European Economic Area (EEA). Where we do we will ensure that it is treated securely and in accordance with the legislation.
Retention Period
Your data will not be retained for longer than is necessary and will be managed in accordance with our data retention policy. In most cases the period will be for a maximum of 7 years following the expiry of an insurance contract unless we are required to retain the data for a longer period due to business, legal or regulatory requirements.
Marketing
We may contact you by email, text, telephone, mail or other agreed means to keep you up to date about our products and services. The legislation allows us to do this in our own commercial interests for certain communications with previous customers. In other circumstances we can only do so with your explicit consent. In all cases you can opt out from receiving such communications at any time.
Complaints/Contact us
If you have a complaint about how we use your personal information please contact us at the address below. You also have the right to lodge a complaint with the Information Commissioner’s office at any time.
For further information on this Privacy Notice, to access your personal information or to exercise any of your other rights, please contact The Data Protection Officer, CompareHealthInsurance.co.uk, Unit A, Farriers Courtyard, Spelmonden Road, Cranbrook, TN17 1HE or email: info@comparehealthinsurance.co.uk.